<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Amazon Aurora PostgreSQL - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/amazon-aurora-postgresql/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 17 Jul 2026 18:41:28 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/amazon-aurora-postgresql/feed.xml" rel="self" type="application/rss+xml"/><item><title>Privilege Escalation in AWS Advanced JDBC Wrapper for Aurora PostgreSQL</title><link>https://feed.craftedsignal.io/briefs/2026-07-aws-jdbc-privesc/</link><pubDate>Fri, 17 Jul 2026 18:41:28 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-aws-jdbc-privesc/</guid><description>A privilege escalation vulnerability (CVE-2026-11400) exists in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL, affecting versions 3.0.0 through 4.0.0. A low-privileged authenticated user can craft a function to execute with rds_superuser permissions.</description><content:encoded><![CDATA[<p>A critical privilege escalation vulnerability, tracked as CVE-2026-11400, has been identified in the AWS Advanced JDBC Wrapper when used with Amazon Aurora PostgreSQL instances. This issue affects versions of the wrapper from 3.0.0 up to, but not including, 4.0.1. The vulnerability allows an authenticated user with low privileges to create a specially crafted PostgreSQL function. When executed, this function can exploit the flaw in the JDBC Wrapper to run with the permissions of other Amazon Relational Database Service (RDS) users, specifically escalating to the <code>rds_superuser</code> role. This grants the attacker full administrative control over the affected Aurora PostgreSQL database, posing a significant risk to data integrity, confidentiality, and availability. Defenders should prioritize patching and monitoring for unusual database activities, especially related to function creation and execution by low-privileged accounts.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An authenticated, low-privilege user connects to an affected Amazon Aurora PostgreSQL instance.</li>
<li>The user leverages the vulnerability (CVE-2026-11400) in the AWS Advanced JDBC Wrapper.</li>
<li>The user creates a specially crafted PostgreSQL function designed to exploit the wrapper's insecure handling of permissions.</li>
<li>Upon execution, the crafted function bypasses normal permission checks due to the vulnerability present in the AWS Advanced JDBC Wrapper.</li>
<li>The function successfully executes with the elevated permissions of the <code>rds_superuser</code> role.</li>
<li>The attacker gains full administrative control over the Amazon Aurora PostgreSQL database instance, enabling access to all data and the ability to modify database configurations.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-11400 leads to complete compromise of the Amazon Aurora PostgreSQL database instance. An attacker can gain <code>rds_superuser</code> privileges, allowing them to access, modify, or delete any data within the database. This includes sensitive customer information, critical application data, and database configurations. Such a breach can result in significant data loss, regulatory non-compliance, reputational damage, and disruption of services relying on the compromised database. The vulnerability affects any organization utilizing the AWS Advanced JDBC Wrapper with Amazon Aurora PostgreSQL in the specified vulnerable versions.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade the AWS Advanced JDBC Wrapper to version 4.0.1 or newer to remediate CVE-2026-11400 immediately.</li>
<li>Apply the recommended workaround by removing the public schema from the search path for your Amazon Aurora PostgreSQL instances.</li>
<li>Review PostgreSQL database logs for unusual function creation or execution activities, especially from low-privileged users, as these could indicate attempted exploitation of CVE-2026-11400.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege-escalation</category><category>vulnerability</category><category>cloud</category><category>aws</category><category>postgresql</category></item></channel></rss>